IBM DataPower

Checking SAP Notes

SAML Sender-vouches is supported with releases AS ABAP 7.00 (SP 15) and higher. Please ensure the following SAP notes have been applied:AS ABAP 7.00:

SAP Notes: 1176558, 1325457

Kernel Patch level: 207

AS ABAP 7.01:

Support Package SP5

Kernel patch level: 74

AS ABAP 7.10:

SAP Notes 1170238, 1325457

Kernel patch level: 150

Configure the provider

The ws provider needs to be configured to SAML Sender-Vouches authentication. To create such a configuration, follow the instructions.

Configure Trust between DataPower and SAP WebAS ABAP

A key must be generated on DataPower and exported into the SAP system to establish the trust. While many tools may be used to create such a key, recommended solution is to use the DataPower crypto toolkit as this also installs the keys into DataPower.
Any SAML assertion created by DataPower needs to be trusted by the SAP system and be mapped to an SAP user. Please follow the instructions from section Configure Trust for SAML SenderVouches authentication ( ABAP) using the following information:

WSDL Files

SAP systems can generate different flavors of WSDL files. The WSDL files expected by DataPower must not contain WS-Policy. By default the the 7.00 ABAP systems generate a WSDL with WS-Policy. To generate a WSDL without Policy, change the WSDL URL by replacing ws_policy with standard, i.e.https://host:port /sap/bc/srt/wsdl/bndg_48049D9689E750A4E10000000A1146E6/wsdl11/allinone/ws_policy/document?sap-client=000 will get https://host:port/ /sap/bc/srt/wsdl/bndg_48049D9689E750A4E10000000A1146E6/wsdl11/allinone/standard/document?sap-client=000